Displaying 20 results from an estimated 66 matches for "lnffvg".
2017 Nov 10
1
[Curiosity] Default domain, DC and DM...
In my DC, without setting explicitly a 'winbind default domain', i can
check logins domainless:
root@vdcsv1:~# id gaio
uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administr...
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happens that a power outage tears down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailored against roaming client
(portables,
2017 Nov 07
2
Best practice for creating an RO LDAP User in AD...
...up (i'm short in
fantasy, today ;) and i've created an 'mta' user, both user and group
in 'Restricted' OU, of course.
And i've added 'mta' to 'Restricted' group.
Clearly, in an DC, a xID get assigned to group:
root@vdcsv1:~# getent group Restricted
LNFFVG\restricted:x:3000026:
but by the same way 'mta' user get by default the 'Domain Users' group
(and others, seems):
root@vdcsv1:~# getent passwd mta
LNFFVG\mta:*:3000025:10513:MTA Restricted:/home/mta:/bin/bash
root@vdcsv1:~# id mta
uid=3000025(LNFFVG\mta) gid=10513(LNFFVG...
2018 Sep 27
2
[OT?] passing group name with spaces to ntlm_auth...
I've not clear if is a squid or a samba/ntlm_auth trouble... indeed...
In Squid i've added:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
auth_param ntlm children 5
but in 'cache.log' i got:
Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
I've tried some escape techniques for...
2018 Sep 24
3
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
...guest = Bad User
max log size = 5000
netbios aliases = CUPSSV FILESV HOMESV
panic action = /usr/share/samba/panic-action %d
printcap name = cups
realm = AD.FVG.LNF.IT
security = ADS
username map = /etc/samba/user.map
winbind offline logon = Yes
winbind use default domain = Yes
workgroup = LNFFVG
spoolss: architecture = Windows x64
rpc_daemon:spoolssd = fork
rpc_server:spoolss = external
idmap config lnffvg : unix_nss_info = yes
idmap config lnffvg : schema_mode = rfc2307
idmap config lnffvg : range = 10000-49999
idmap config lnffvg : backend = ad
idmap config * : range = 5000-9999...
2018 Feb 08
2
Again guest access and machine account...
...0, 0), class=auth] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
Kerberos ticket principal name is [MALCOBB$@AD.FVG.LNF.IT]
[2018/02/08 12:21:49.457896, 10, pid=2619, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_krb5.c:83(get_user_from_kerberos_info)
Domain is [LNFFVG] (using PAC)
[2018/02/08 12:21:49.457938, 4, pid=2619, effective(0, 0), real(0, 0)] ../source3/auth/user_util.c:362(map_username)
Scanning username map /etc/samba/user.map
[2018/02/08 12:21:49.457980, 10, pid=2619, effective(0, 0), real(0, 0)] ../source3/auth/user_util.c:196(user_in_list)...
2018 Sep 05
0
Upgraded a member server to 4.8, rfc2307 data?
Hai Marco,
The idmap config part. The this for the member.
## map id's outside to domain to tdb files.
idmap config *: backend = tdb
idmap config *: range = 5000-9999
## map ids from the domain and (*) the range may not overlap !
idmap config LNFFVG: backend = ad
idmap config LNFFVG: schema_mode = rfc2307
idmap config LNFFVG: range = 10000-49999
idmap config LNFFVG: unix_nss_info = yes
idmap config LNFFVG: unix_primary_group = yes
And about :
[2018/09/04 16:37:11.137151, 0] ../lib/param/loadparm.c:398(lp_bool)
lp_bool(y...
2023 May 26
1
PAM Offline Authentication in Ubuntu 22.04...
...ba/log.%m
map to guest = Bad User
panic action = /usr/share/samba/panic-action %d
printcap name = /dev/null
realm = AD.FVG.LNF.IT
security = ADS
syslog = 0
username map = /etc/samba/user.map
usershare max shares = 0
winbind offline logon = Yes
winbind use default domain = Yes
workgroup = LNFFVG
idmap config lnffvg : unix_primary_group = yes
idmap config lnffvg : unix_nss_info = yes
idmap config lnffvg : schema_mode = rfc2307
idmap config lnffvg : range = 10000-49999
idmap config lnffvg : backend = ad
idmap config * : range = 5000-9999
idmap config * : backend = tdb
printing = bsd...
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
...y found a little strange thing, i think related to the fact
> that in my DM i've set 'winbind use default domain = yes'.
>
>
> Following the wiki, i've enabled offline logon and then done:
>
> ['smbcontrol winbind online']
> root@vdmsv1:~# wbinfo -K LNFFVG\\gaio
> Enter LNFFVG\gaio's password:
> plaintext kerberos password authentication for [LNFFVG\gaio]
> succeeded (requesting cctype: FILE) credentials were put in:
> FILE:/tmp/krb5cc_0
>
> ['smbcontrol winbind offline']
> root@vdmsv1:~# wbinfo -K LNFFVG\\gai...
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
...domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root@vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root@vdmsv2:~# ldbsearch -H ldap://vdcsv1.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(&(objectClass=user)(sAMAccountName=gaio))" | egrep -i "(unixhome|shell)"
loginShell: /bin/bash
unixHomeDirectory: /home/gaio
smb.conf seems ok to me:
root...
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
On Mon, 28 Jan 2019 12:52:45 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS''
> > > one (seems to me)?
> > The problem is (for myself anyway), I do not understand the
>
2023 Aug 29
1
GlusterFS, move files, Samba ACL...
...name = cups
realm = AD.FVG.LNF.IT
security = ADS
socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15
syslog = 0
username map = /etc/samba/user.map
usershare max shares = 0
winbind offline logon = Yes
winbind use default domain = Yes
wins support = Yes
workgroup = LNFFVG
spoolss: architecture = Windows x64
rpc_daemon:spoolssd = fork
rpc_server:spoolss = external
idmap config lnffvg : unix_primary_group = yes
idmap config lnffvg : unix_nss_info = yes
idmap config lnffvg : schema_mode = rfc2307
idmap config lnffvg : range = 10000-49999
idmap config lnffvg : b...
2017 Sep 26
3
Domain member server: user access
Hai Rowland,
Im pretty sure this is a bug in the DC part.
I'll show.
On the DC.
dc1:~# getent passwd winadmin
NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash
wbinfo --group-info="Domain Users"
NTDOM\domain users:x:100:
id winadmin
uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)
2019 Jan 29
0
Winbind, cached logons and 'user persistency'...
..., it is if I
> haven't been anywhere.
This is what i supposed to work me too. Seems not.
You have also your user in /etc/passwd? O;-)
> You seem to be doing something wrong ;-)
Probably. But i don't understand what. Authentication works as
expected:
root@vdmsv2:~# wbinfo -K LNFFVG\\gaio
Enter LNFFVG\gaio's password:
plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
root@vdmsv2:~# smbcontrol winbind offline
root@vdmsv2:~# wbinfo -K LNFFVG\\gaio
Enter LNFFVG\gaio's p...
2017 Sep 26
0
Domain member server: user access
...tion:
root@vdcsv1:~# samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
netbios name = VDCSV1
realm = AD.FVG.LNF.IT
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = LNFFVG
server role = active directory domain controller
template homedir = /home/%U
template shell = /bin/bash
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/ad.fvg.lnf.it/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
and i've c...
2017 Nov 07
0
Best practice for creating an RO LDAP User in AD...
...;) and i've created an 'mta' user, both user and group
> in 'Restricted' OU, of course.
> And i've added 'mta' to 'Restricted' group.
>
> Clearly, in an DC, a xID get assigned to group:
>
> root@vdcsv1:~# getent group Restricted
> LNFFVG\restricted:x:3000026:
>
> but by the same way 'mta' user get by default the 'Domain Users' group
> (and others, seems):
>
> root@vdcsv1:~# getent passwd mta
> LNFFVG\mta:*:3000025:10513:MTA Restricted:/home/mta:/bin/bash
> root@vdcsv1:~# id mta
>...
2017 Sep 26
1
Domain member server: user access
...estparm
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> netbios name = VDCSV1
> realm = AD.FVG.LNF.IT
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = LNFFVG
> server role = active directory domain controller
> template homedir = /home/%U
> template shell = /bin/bash
> idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/ad.fvg.lnf.it/scripts
> read only = No
>
> [sysvol]
> path =...
2018 Sep 24
2
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
...'root', where indeed password
> does not match (and UNCI-UNCI\root does not exist ;).
>
>
> What really does not understand is:
>
> a) why evidently in samba 4.5 this mapping get NOT done.
>
> b) i've tried to modify 'user.map' from:
>
> !root = LNFFVG\Administrator LNFFVG\administrator
> Administrator administrator
>
> to
> !root = LNFFVG\Administrator LNFFVG\administrator
>
> hoping in strict matching, but seems that match still get done (but
> i've only reload smbd, not restarted it).
>
>
> And, sorry ro...
2017 Dec 18
0
DM and ''offline'' PAM (and NSS?)...
...to work as expected.
I've only found a little strange thing, i think related to the fact
that in my DM i've set 'winbind use default domain = yes'.
Following the wiki, i've enabled offline logon and then done:
['smbcontrol winbind online']
root@vdmsv1:~# wbinfo -K LNFFVG\\gaio
Enter LNFFVG\gaio's password:
plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
['smbcontrol winbind offline']
root@vdmsv1:~# wbinfo -K LNFFVG\\gaio
Enter LNFFVG\gaio's passwor...
2017 Dec 18
0
DM and ''offline'' PAM (and NSS?)...
...y found a little strange thing, i think related to the fact
> that in my DM i've set 'winbind use default domain = yes'.
>
>
> Following the wiki, i've enabled offline logon and then done:
>
> ['smbcontrol winbind online']
> root@vdmsv1:~# wbinfo -K LNFFVG\\gaio
> Enter LNFFVG\gaio's password:
> plaintext kerberos password authentication for [LNFFVG\gaio]
> succeeded (requesting cctype: FILE)
> credentials were put in: FILE:/tmp/krb5cc_0
>
> ['smbcontrol winbind offline']
> root@vdmsv1:~# wbinfo -K LNFFVG\\g...